Atlassian aCLI Reference Skill for Jira and Confluence
ReviewAudited by ClawScan on May 1, 2026.
Overview
This is an instruction-only Atlassian CLI reference that clearly covers sensitive Jira and organization-admin actions, so it is usable but requires careful confirmations.
Install or use this skill only if you want the agent to help with Atlassian CLI commands. Keep tokens protected, prefer OAuth for interactive use, and require explicit confirmation plus target review before any bulk, delete, archive, or organization-admin command.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent runs these commands with the user's credentials, Jira work items, projects, fields, or user accounts could be changed or deleted.
The skill documents high-impact CLI operations that can delete or mutate Jira and Atlassian organization data, but it also explicitly requires user confirmation and target verification.
The following commands are **destructive or irreversible** — always confirm with the user before executing: `acli jira workitem delete`, `acli jira project delete`, `acli admin user delete`...
Use the skill only for intended Atlassian CLI tasks, require fresh explicit confirmation for destructive or bulk operations, and review resolved targets before execution.
Commands may run with the permissions of the authenticated Jira or Atlassian admin account.
The skill expects the user to authenticate acli and may use sensitive Jira or admin credentials, which is appropriate for the stated purpose but grants account-level authority.
Optional env vars: API_TOKEN (Jira API token for non-interactive auth), API_KEY (Admin API key for org-admin commands). Interactive OAuth via `acli jira auth login --web` is the default.
Prefer interactive OAuth for normal use, keep tokens out of command history and logs, and use the least-privileged account suitable for the task.
The registry view may not fully communicate that using the skill depends on an external authenticated CLI and optional sensitive credentials.
The registry metadata under-declares prerequisites that SKILL.md discloses, namely an installed/authenticated acli binary and optional API_TOKEN/API_KEY variables.
Required binaries (all must exist): none ... Env var declarations: none ... Primary credential: none
Treat the SKILL.md prerequisites as authoritative and consider updating registry metadata to declare the acli dependency and optional credential variables.